//package com.ler.webapp.config;
//
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.http.SessionCreationPolicy;
//import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
//import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
//import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
//import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
//import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
//
//import javax.annotation.Resource;
//
//@Configuration
//@EnableResourceServer    //标记是一个资源服务 TODO 需要解析 因为网关层没有做
//public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
//
//    @Resource
//    private RemoteTokenServices tokenServices;
//
//    //配置此资源的id
//    public static final String RESOURCE_ID = "res1";
//
//    @Override
//    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
//        resources.resourceId(RESOURCE_ID)   //资源id
//                .tokenServices(tokenServices)
//                .stateless(true);
//    }
//
//    @Override
//    public void configure(HttpSecurity http) throws Exception {
//        http.authorizeRequests()
//                .antMatchers("/**").access("#oauth2.hasScope('all')")  //必须作用域是all才可以访问资源
//                .and()
//                .csrf().disable()
//                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); //关闭session
//    }
//
//    //配置资源令牌解析服务
//    @Bean
//    public ResourceServerTokenServices tokenServices(){
//        //使用远程服务请求授权服务器校验token,必须指定校验token 的url、client_id，client_secret
//        RemoteTokenServices remoteTokenServices = new RemoteTokenServices();
//        remoteTokenServices.setCheckTokenEndpointUrl("http://localhost:5001/oauth/check_token");
//        remoteTokenServices.setClientId("c1");
//        remoteTokenServices.setClientSecret("secret");  //客户端密钥
//        return remoteTokenServices;
//    }
//}
